package com.loong.web.suppert.auth;

import javax.servlet.http.HttpServletRequest;

/**
 * 用户sessions工具类
 *
 * @author 张成轩
 */
public class UserSessions {

	/** 用户参数名 */
	private static final String ATTR_USER = "_user";

	/**
	 * 添加用户Session
	 * 
	 * @param request 请求
	 * @param user 用户对象
	 */
	public static void setUser(HttpServletRequest request, User user) {

		request.getSession().setAttribute(ATTR_USER, user);
	}

	/**
	 * 获取用户Session
	 * 
	 * @param request 请求
	 * @return 用户
	 */
	public static User getUser(HttpServletRequest request) {

		return (User) request.getSession().getAttribute(ATTR_USER);
	}

	/**
	 * 移除用户Session
	 * 
	 * @param request 请求
	 */
	public static void removeUser(HttpServletRequest request) {

		request.getSession().removeAttribute(ATTR_USER);
	}

	/**
	 * 是否有权限
	 * 
	 * @param request 请求
	 * @param auth 权限
	 * @return 是否
	 */
	public static boolean has(HttpServletRequest request, String auth) {

		User user = getUser(request);
		if (user == null)
			return false;
		return user.has(auth);
	}
}
